“The Home Secretary says it is world leading. Not all people agree with that. Some think it is leading the world over a cliff”. Not my words but those of David Anderson Q.C. speaking yesterday at a symposium on the Investigatory Powers Bill hosted by 25 Bedford Row barristers chambers.

The Investigatory Powers Bill comes up for scrutiny in Parliament tomorrow, as the British government tries to push it through before the end of the year. This is the controversial new law that will govern electronic surveillance. But legal experts, who are not usually given to emotive language, say the Bill is bad law, and nothing more than window dressing. From a public interest perspective, the government is rushing the Bill unnecessarily. How safe will our data be under the proposed regime? Will we fall over a digital cliff as the spooks get to play with our Internet connection records?

This report is my interpretation of the legal arguments presented at the 25 Bedford Row symposium on the Investigatory Powers Bill.

The Investigatory Powers Bill is a new law designed to oversee online surveillance practices by the intelligence services, the police and law enforcement authorities. It is primarily about what they can do with our phone and online data. The aim is to deal with a change from targetted one-on-one surveillance such as telephone call interception, to surveillance practices that use electronic data analysis. These practices involve the data of many people, not only those who are directly under suspicion, and they reflect a sweeping change that has occurred over the last 25-30 years with the rise of the Internet and broadband.

There is always a balance drawn between the different competing rights. In this case, the balance is between the privacy rights of individuals and public security. The political argument is about where the line should be put.

In light of the Brussels attacks this week, we all want to to be safe, but that should not lead us to rush into decisions the compromise privacy. With online surveillance and communications traffic data, there are massive implications for privacy rights. No-one likes to have another person looking over their digital shoulder at their laptop screen.

The Investigatory Powers Bill brings together elements from the other laws that already exist for example laws governing interception of telephones and the collection and retention of communications traffic data. It puts them into one place, allowing us to see the position as a whole. It is the first time that online surveillance activities in the UK have been formally regulated under one law.

However, a major criticism is that the Investigatory Powers Bill was drafted from the perspective of the security services, without sufficient attention being given to safeguards for the general public.

There are question marks over its compliance with the European Convention on Human Rights (ECHR). All laws must be considered for ECHR compliance before they can be put before Parliament, however, as we have seen with other pieces of legislation, the government will sometimes try to wing it when drafting the ECHR Memorandum and takes advice from those who seek the Bill rather than from human rights lawyers. (See how this happened to the Digital Economy Act in my book A Copyright Masquerade).

At the heart of the legal argument over the Investigatory Powers Bill, is the role of the Home Secretary versus the role of the judiciary. This relates to the very important issue of access to surveillance data. Put very simply - who gets what, on what terms, how much they can have, and who supervises it?

The government is proposing the so-called “double lock”. This means that warrants for bulk data access and for interception of communications would have to be signed off by a Judicial Commissioner as well as the Home Secretary. Currently, only the Home Secretary would sign such warrants.

Despite the fact that it sounds like an improvement over the present process, there is considerable controversy over this “double lock”. Legal experts say it needs more work before it is ready to be adopted into legislation.

The issues surround the role of the judges. There is a danger that judges could be asked to rubber stamp requests that have been authorised by the Home Secretary, and that the process will not allow judges the time or facility to rigorously assess the proportionality of a warrant. Moreover, it seems that modification of warrants may be carried out be officials and would not have judicial oversight.

The lawyers would like to see more powers for the Judicial Commissioners than the Bill currently proposes. They argue that judges are better equipped to assess the proportionality of a request for data access and to consider the public interest in granting such a request. On a purely practical level, the Home Secretary simply cannot give each request the time it needs to makes these kinds of determinations, when she signs some 2500 applications a year.

In other words, the double lock can be broken because the individual parts are flimsy.

Further question marks surround the feasibility of data collection by communications service providers (including broadband providers and ISPs). The Bill provides for the collection and retention of Internet connection records. The definition of what is an 'Internet connection record' is a moving target – for full analysis see Graham Smith's Cyberleagle blog. This issue is at the centre of disagreement between government and industry. The broadband providers want to minimise the data required because they don't need all of it for the businesses, and it is costly to keep it.

In fact, government and industry have been arguing for the past 10 years about what should be collected, as the story of the EU Data Retention Directive will testify. (See my book The Closing of the Net ). However, the detail has changed as the Internet itself has evolved. As the network structures become more complex, so does the nature of the data it gathers and with it, the difficulty in determining what is useful, and what is not.

A new technique known as 'thematic data analysis' is especially problematic is . For example, the collection of data for 'all devices in a partcular location'. Much of the existing law was drafted before there were mobile phone or Internet, and could not have conceived of this concept. Therefore, allowing for such thematic practices would reflect a significant change in the law, as compared to the current position. According to legal experts, the safeguards for privacy in this regard are weak and need further work before this should be brought into law.

Two Parliamentary committees have already slammed the Bill - the Commons Science and Technology Committee and the notoriously cautious Intelligence and Security Committee. A third committee, whilst more cautious, has expressed quite a lot of criticism.

Overall, the volley of legal criticism must lead us to question why the Investigatory Powers Bill is being rushed through and whether it is fit for purpose?

We have clearly come a long way from the days when the government did not admit the existence of GCHQ. In that regard, the Investigatory Powers Bill is surely a step forward. However, it does seem to be a missed opportunity to re-align the oversight of surveillance for the digital era.

---

The Investigatory Powers Bill is approaching the Committee Stage in Parliament, with first meeting scheduled just before the Easter holidays.

The back story to the Bill can be found in the story of the EU Data Retention Directive (that has now been struck down by the European Court of Justice). See my new book The Closing of the Net due in the bookstores imminently.

This is an original article from Iptegrity.comand reflects research that I have carried out. If you refer to it or to its content, please cite my name as the author, and provide a link back to iptegrity.com. Media and Academics – please cite as Monica Horten, 2016, Investigatory Powers Bill - is it leading the world over a cliff? in Iptegrity.com, 22 March 2016. Commercial users - please contact me.

Iptegrity.com is the website of Dr Monica Horten. She is a trainer & consultant on Internet governance policy, published author& Visiting Fellow at the London School of Economics & Political Science. She served as an independent expert on the Council of Europe Committee on Internet freedom. She has worked on CoE, EU and UNDP funded projects in eastern Europe and beyond. She was shortlisted for The Guardian Open Internet Poll 2012. Iptegrity offers expert insights into Internet policy (and now Brexit). Iptegrity has a core readership in the Brussels policy community, and has been cited in the media. Please acknowledge Iptegrity when you cite or link. For more, see IP politics with integrity

Copyright Monica Horten 2007-2017. This website is released under a Creative Commons Attribution, Non-commercial, Share-Alike licence. It may be used for non-commercial purposes only and the author's name should be attributed wherever content is reproduced or cited.